
The U.S. Adoption of Computer-Chip Payment Cards: Implications for Payment Fraud

By Richard J. Sullivan

The fraudsters, phishers, hackers, and pickpockets who thrive off payment card fraud may soon have their work cut out for them. U.S. financial institutions have announced plans to add computer chips to their debit and credit cards in the next few years, a move likely to make payment card fraud more difficult. Compared with the magnetic-stripe payment cards carried by millions of U.S. consumers, the new chip cards will offer stronger defenses against fraud. But they certainly will not put an end to it.

In fact, as countries around the world have adopted computer-chip cards, new trends in fraud have emerged. France, the Netherlands, and the United Kingdom all switched from magnetic-stripe to computer-chip payment cards, with mixed results. The fraudulent use of lost and stolen cards declined in both France and the United Kingdom. But fraudsters soon shifted tactics and exploited other weak links in payment card security. In the United Kingdom, the eventual success at responding effectively to new trends in fraud depended, in part, on a system of fraud data collection and monitoring that is lacking in the United States.

Richard J. Sullivan is a senior economist at the Federal Reserve Bank of Kansas City. This article is on the bank's website at

FEDERAL RESERVE BANK OF KANSAS CITY

This article examines how computer-chip cards work differently from magnetic-stripe cards, describes the security improvements offered by the chips, and reviews their mixed track record at defeating fraud in other countries. Evidence from overseas suggests any prolonged accommodation of older-card technology during a transition to computer-chip cards can allow fraudsters to exploit weak links in card security. Reliance on low-cost authentication methods also invites growth in fraud.

U.S. regulators and industry leaders should expect shifts in the nature of payment card fraud and take proactive countermeasures. But the United States currently lacks effective tools to gauge what types of fraud are on the rise. Establishing a comprehensive monitoring system could help in assessing the level of payment card fraud, tracking trends in the fraud, and measuring the losses sustained by its victims.

Section I reviews the distinct types of payment card fraud and the security weaknesses in magnetic-stripe payment cards. Section II describes how computer chips can improve security and reviews how adoption of the new cards affected fraud patterns in France, the Netherlands, and the United Kingdom. Section III considers the implications for the United States of other countries' experiences with computer-chip card adoption.

I. PAYMENT CARD FRAUD AND MAGNETIC-STRIPE CARDS

Only a small proportion of payment card transactions are fraudulent, but the losses are large because the total volume of payment card use in the United States is immense. U.S. cardholders used more than one billion debit and credit cards in 2011, making 69 billion transactions, valued at more than $3.9 trillion (Nilson Report 2012a, 2012b; Federal Reserve Board). These payment card transactions accounted for roughly 60 percent of all noncash retail payments in the country.
Even a small fraction of that kind of volume can amount to billions of dollars in losses for banks and merchants. In 2009, payment card fraud losses in the United States totaled an estimated $3.4 billion (Table 1).¹

Fraud trends and prevention methods

Payment card issuers report that three forms of compromised security account for most fraudulent transactions: lost or stolen cards, card counterfeiting, and fraudulent purchases made by Internet, mail order, and telephone order (IMOTO).² Fraud types and rates of success differ for card payments authorized by signature and those authorized by personal identification number (PIN).³ Because forging signatures is easier than stealing PINs, the loss per dollar for signature-authorized payments is significantly higher than losses for PIN payments (Table 1).⁴

For signature debit cards, the most common category of security compromise in 2006 was lost or stolen cards, accounting for 32 percent of all signature debit fraud that year. By 2010, however, lost or stolen cards as a share of all signature debit fraud had fallen to 27 percent (Chart 1, Panel A). Fraud on IMOTO transactions also declined from 31 percent to 25 percent as a share of total signature debit over the period, while card counterfeiting rose from 29 percent to 41 percent and became the foremost category of signature debit fraud.

ECONOMIC REVIEW FIRST QUARTER

Table 1
LOSSES DUE TO FRAUD ON CARD PAYMENTS
United States, 2009

                                Loss per Dollar   Value of Transactions   Value of Loss²
                                                  (in millions)           (in millions)
PIN Debit Cards                 %                 $563,100                $179.6
Signature Debit Cards           %                 $857,500                $1,089.9
General Purpose Credit Cards    %¹                $1,714,000              $2,178.5
Prepaid Cards                   %                 $140                    $0.6
Total                                             $3,134,740              $3,448.1

Note: The estimates in this table are for losses on purchase transactions for both merchants and card issuers.
¹ The loss rate for general-purpose credit cards is assumed to be the same as the loss rate for signature debit cards. General-purpose credit cards and signature debit cards use similar authentication and approval protocols.
² Value of loss is the product of loss per dollar and value of transactions.
Sources: Figures for loss per dollar are from Board of Governors. Figures for value of transactions are from Federal Reserve System.
For PIN-authorized transactions (whether by debit purchase or ATM withdrawal), the primary categories of compromise have been lost or stolen cards and card counterfeiting (Chart 1, Panel B). In 2006, 2008, and 2010, the most common fraud category was lost or stolen cards, but counterfeiting has risen sharply since 2006, and by 2010 its share of total PIN debit fraud was close to that of lost or stolen cards. Lost or stolen cards accounted for 59 percent of PIN debit fraud in 2006 but fell to 49 percent by 2010, while counterfeiting's share rose from 21 percent to 44 percent. IMOTO transactions accounted for only a minor share of PIN debit fraud throughout the period.⁵

Chart 1
SHARES OF ATM AND DEBIT CARD FRAUD BY METHOD OF COMPROMISE
[Chart not reproduced. Panel A: Signature Debit Transactions. Panel B: PIN (ATM and Debit) Transactions. Vertical axis: percent. Categories: Counterfeit Card, IMOTO, Lost or Stolen, Other Methods.]
Source: American Bankers Association 2007, 2009,
Note: The survey question asked respondents to report the method by which fraudsters committed card payment fraud. The survey included 176 commercial bank participants for 2006 and 170 for For 2010, the survey included 117 full participants and 68 participants who completed an abridged version of the survey. IMOTO: Transaction by Internet, mail order, or telephone order. Other includes card not received for 2010.

Card issuers employ a variety of techniques to prevent payment fraud. A decision to approve any card transaction will typically require that the transaction conform to certain preset parameters and comply with a number of rules, such as limits on transaction size. These decision rules are used in combination with transaction screening methods for identifying transactions that have a high likelihood of being fraudulent. Finally, issuers and merchants both take steps in an authentication process aimed at verifying the legitimacy of the cardholder and card. Card issuers conduct some steps in the authentication process remotely while relying on merchants to conduct other steps at the location of the transaction. The text box on the following page provides more detail on the use of decision rules, transaction screening, and authentication protocols to combat fraud.

The transmission of encrypted information from a card payment terminal to a card issuer is a key part of the authentication process. Using cryptographic techniques, card issuers write verification codes into the magnetic stripe of each card they manufacture. When a cardholder swipes a magnetic-stripe payment card at a payment terminal, the terminal transmits the verification code to the issuer. The issuer reads the code to be sure it is consistent with the card account number and its expiration date. Any inconsistency may lead the issuer to suspect fraud and decline the transaction. Verification codes thus give merchants and issuers some degree of assurance that the card and cardholder are legitimate. In the United States, almost all card payment terminals have live telecommunication connections to card issuers, allowing real-time authentication.⁶

The initiation of a card payment proceeds in three stages: card presentment, authentication and screening, and the final decision to approve or reject.⁷ Figure 1 illustrates these stages and depicts the flow of information involved in a single magnetic-stripe card payment. Step-by-step details of the initiation of card payments and the role of authentication are provided in the Appendix.

The vulnerabilities of magnetic-stripe cards

Vulnerabilities in the authentication protocols of magnetic stripe cards, particularly the static nature of their verification codes, which do not change from transaction to transaction, can be exploited in

diverse ways to send false signals to card issuers. Methods include counterfeiting, signature forgery, PIN harvesting, the use of lost or stolen cards for IMOTO transactions, and data theft.

Figure 1
INITIATION OF MAGNETIC-STRIPE CARD PAYMENTS
[Figure not reproduced. Stages: Card Presentment; Authentication and Screening; Decision. Labels: Cardholder; Payment Card; Magnetic Stripe; Verification code; Payment Terminal; Transaction data and verification code; Card Issuer; PIN or signature; Approve/reject.]

Counterfeiting a magnetic-stripe card is far easier than counterfeiting a computer-chip card. With the correct data and equipment, fraudsters can create counterfeit magnetic-stripe cards and use them carefully to avoid standing out in a transaction screening process. A relatively simple method for making counterfeit magnetic-stripe cards requires only a computer and a device that can read cards' magnetic stripes and also write on them. The equipment is used with an existing card to encode the magnetic stripe with stolen data from another card. The emergence of prepaid gift cards facilitates re-encoding because the cards do not carry the name of the cardholder, thus eliminating a piece of information that is otherwise useful for authentication (Acohido and Swartz). Counterfeiting a new magnetic-stripe payment card with the use of stolen data is more difficult because it requires embossing equipment and blank cards. Nevertheless, motivated fraudsters can find the equipment and supplies they need (Roberts).⁸

Whether using a re-encoded or newly created payment card, fraudsters can make a given transaction appear legitimate by replaying the static card data. Signature-authorized transactions can be accomplished by forging the legitimate cardholder's signature, which can usually be found on the back of a lost or stolen card. Issuers must rely on cashiers to reject forged signatures on card payments.⁹ PIN transactions are less prone to fraud because PINs are normally kept secret.
However, PINs can be harvested through methods ranging

STRATEGIES TO GUARD AGAINST CARD PAYMENT FRAUD

Card issuers and merchants guard against fraud with a combination of three strategies: decision rules, transaction screening, and authentication.

Decision rules help limit losses in cases where illegitimate transactions are approved as a result of successful fraud. The magnetic stripe on payment cards contains parameters for rules enforced at the payment terminal. For example, rules determining requirements for payment approval, known as floor limits, are encoded on the card and enforced at the payment terminal (Anderson 2008c). Payment approval systems use automated computer systems. A card issuer might operate the computer system or may outsource its operation to a payment processing intermediary. Low-value transactions may not require issuer approval. A payment-processing intermediary might approve mid-value transactions. Only the issuer would approve high-value transactions. The rules allow automatic approval on lower-value transactions to provide flexibility for various kinds of transactions such as those for parking fees or for mass transit tickets. Other rules set maximum values for any single transaction, determine whether a signature or PIN is required for authorization, and dictate whether international transactions are allowed.

Transaction screening is aimed at identifying transactions that are likely to be fraudulent. The most basic step in transaction screening is for a card issuer to consult records to ensure a payment card and account are both active. The issuer may also enforce a maximum number and maximum value of daily transactions. Advanced screening methods seek to detect patterns suggestive of fraud and assign scores indicating the estimated probability that a given request for transaction approval is fraudulent.
One method analyzes purchase transactions that are at high risk for fraud, such as purchases of electronic equipment, liquor, gasoline, out-of-country transactions, and IMOTO transactions (Anderson 2008c). Another method analyzes individual transactions to identify those that are out of character for the cardholder and thus seem more likely to be fraudulent. Transaction screening typically involves a computing technique known as neural networking. Authentication involves processes designed to verify the legitimacy of both cardholders and the payment cards they present. Issuers conduct their authentication processes remotely while relying on merchants to conduct some authentication processes at the location where payment is made. When a customer presents a payment card to a merchant, the merchant regards possession of the card as verification that the customer owns the card account and can legitimately authorize a payment. For a signature card payment, the merchant can do more to authenticate the cardholder by comparing the signature on the payment terminal with the signature on the back of the card. The merchant authenticates the card by verifying special attributes on the card to rule out counterfeits. The card may include attributes that counterfeiters find hard to

duplicate, such as an elaborate brand logo or a hologram, or information that is repeated on the card, such as elements of the card's account number embossed on the front and printed on the back of the card (MasterCard). Issuers also rely on merchants to screen for counterfeit cards. The PIN authenticates the cardholder in a PIN debit or an ATM transaction, but the issuer relies on the merchant to authenticate the cardholder in a signature debit or credit card transaction. Authentication efforts by issuers involve the use of cryptographic card authentication codes to authenticate payment cards. Computer-chip payment cards improve issuers' capacity to authenticate payment cards by producing a more effective, secure kind of authentication code in a process known as dynamic data authentication. The Appendix provides details of the card payment approval process for both magnetic-stripe and computer-chip payment cards.

from shoulder surfing by a cashier to more high-tech methods, such as employing fake PIN pads, clandestine video cameras, or tampered payment terminals. In one 2010 case, Las Vegas police arrested a suspect for installing devices on gas pumps to obtain data from more than 13,000 credit and debit cards (Payments Source). The suspect allegedly used the data to re-encode existing payment cards and committed fraud valued at more than $500,000. In another 2012 case, a retail chain found an estimated 90 tampered card terminals that captured both card data and PINs (Digital Transactions News 2012a).

Similarly, imposters can commit payment fraud through IMOTO transactions with lost or stolen cards. Consumers complete transactions at an Internet site by entering card information into appropriate data fields. Merchants and issuers can find it difficult to know whether the card information is legitimate because the merchant cannot see the payment card.
Similar difficulties occur if the transaction is over the telephone or by mail order. To fight IMOTO fraud, issuers print a card verification code on the back of the card. The issuer can use the code to authenticate the card and gain additional assurance that the customer has it in his or her possession. However, this layer of security will work only if the IMOTO merchant requires the verification code, which is not always the case.¹⁰

Data breaches are a key source for stolen card data. Fraudsters can use the data to create counterfeit cards and to conduct IMOTO transactions. The website Data Loss Database reports that payment card

data was exposed in 954 of the 6,784 publicly announced data breaches since In the largest U.S. data breach, hackers installed software on the computer system of a payment processor that exposed data from 130 million payment cards in 2009 (DatalossDB). The breach affected at least 670 banks, with at least 197 re-issuing many of their payment cards.¹² In addition to the costs of reissuing cards, banks that suffer such breaches must bear the expense of notifying customers, the monetary losses from the use of card information to commit payment fraud, the legal costs of resolution, and the cost of a damaged reputation (Wicks). Additional methods leading to breached data, aside from hacking, include the theft of computers, social engineering or scams, website searches, and documents retrieved from trash containers.

Stolen data can also come from sources other than data breaches. Consumers sometimes reveal payment card information in response to fake emails (phishing) or fake websites (spoofing).¹³ Fraudsters also install disguised magnetic-stripe card readers on gas pumps, ATMs and other locations, skim card data as cardholders present their cards, and collect that data for later use (Nikias).

Table 2
SOURCE OF COMPROMISED DATA USED FOR PAYMENT CARD FRAUD
Financial Institutions, 2008 and 2010
[Table values not reproduced. Columns: Year; Data Breaches; Phishing or Spoofing; Skimming (percent).]
Source: American Bankers Association 2009,
Note: Survey respondents were asked to report the extent to which losses their banks had incurred from card payment fraud were a result of information obtained by data breaches, phishing or spoofing, or skimming. In 2008, 170 commercial banks were surveyed. For 2010, survey respondents included 117 full participants and 68 participants who completed an abridged version of the survey.
Depository institutions report that data breaches were the leading source of compromised data used for payment fraud in 2008, accounting for 43 percent of fraud losses tied to stolen data. However, this share declined to 31 percent by 2010 as other sources of compromised data increased (Table 2). Over this period, data skimming grew to be the leading source of compromised data, rising from 15 percent in 2008 to 35 percent in Phishing and spoofing accounted for 22 percent

of compromised data in 2008 and 29 percent in Another survey of debit card issuers found that 94 percent of respondents had been affected by at least one data breach (Pulse Network). Among the surveyed debit card issuers, data breaches had exposed the data of 31 percent of their debit cards, on average.

II. THE ADOPTION OF COMPUTER-CHIP CARDS

Computer-chip payment cards are replacing magnetic-stripe cards in nearly all developed countries in the world. The new cards comply with the Europay, MasterCard, and Visa (EMV) specifications, which define methods of processing and security features for computer-chip cards issued by MasterCard, Visa, JCB, and American Express.¹⁴ Adherence to the specifications ensures interoperability wherever issuers adopt EMV-based cards and wherever merchants accept them. In 2011, 44.7 percent of payment cards and 76.7 percent of payment terminals worldwide complied with the EMV specifications (EMVCo).¹⁵ All EMV payment cards have computer chips with the capacity to use encryption protocols.

The advantages of computer-chip cards

Cards with an imbedded computer chip used for payments have many more capabilities than magnetic-stripe cards (Smart Card Alliance). Computer-chip cards are much harder to counterfeit, can protect information stored on the chip more effectively, and can defend against unauthorized intrusions. A computer-chip card can use encryption to protect sensitive data, can authenticate messages that it receives, and can send messages to issuers that enable the issuers to authenticate transactions more reliably than they can with magnetic stripe cards.¹⁶ Computer-chip payment cards also can modify payment data for security purposes.

The capacity of the computer chip on a payment card to encrypt data makes possible a process of dynamic data authentication.¹⁷ Unlike magnetic-stripe cards, which bear static verification codes that do not change from one transaction to another, computer-chip payment cards can customize a distinct verification code for each transaction.¹⁸ One type of card capable of dynamic data authentication

is already in use in the United States. Known as contactless cards, these cards have embedded computer chips that can transfer transaction data via radio signal if the cardholder passes the card close to a payment terminal. The chips on these cards use secret encryption keys and algorithms to produce changing verification codes for use in authentication (Smart Card Alliance).

Figure 2
INITIATION OF COMPUTER-CHIP CARD PAYMENTS
[Figure not reproduced. Stages: Card Presentment; Authentication and Screening; Decision. Labels: Cardholder; Payment Card; Computer Chip; Dynamic verification code; Payment Terminal; Transaction data and dynamic verification code; Card Issuer; PIN or signature; Approve/reject.]

Figure 2 illustrates the three stages of processing a computer-chip card payment and the associated information flows. The computer chip generates a dynamic verification code by adding a transaction-specific number to the other card data, ensuring that the verification code changes from transaction to transaction. Changing the verification code used for authentication in payments has a similar benefit to requiring computer users to change their passwords regularly. If a hacker steals a password, but users change passwords regularly, the window within which the hacker can take advantage of the stolen password is small. If a hacker steals payment card data that produces dynamic verification codes, the hacker's ability to use the card data for fraud is similarly limited.¹⁹

Dynamic authentication helps prevent fraud at the transaction level.²⁰ It stops fraudsters from making fraudulent payments merely by replaying the data from a payment card that uses the same verification code for every transaction. Under a dynamic data authentication protocol, such an approach would be unsuccessful because fraudsters cannot generate the ever-changing verification codes needed for successive transactions.
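
The contrast between a static verification code and a per-transaction dynamic code, as an added example that is not part of the original article. It is a simplified model: truncated HMAC-SHA-256 stands in for the card's cryptography (it is not the EMV cryptogram algorithm), and the names `Issuer`, `ChipCard`, the transaction counter and the terminal nonce are assumptions made for illustration.

```python
"""Static vs. dynamic card verification codes (simplified teaching model)."""
import hashlib
import hmac
from dataclasses import dataclass

PAN = "9999000011112222"  # constructed account number, not a real card
EXP = "2812"              # constructed expiry (YYMM)


def _code(key: bytes, *fields: str) -> str:
    """Truncated HMAC-SHA-256 over '|'-joined fields. Every field used here
    is digits or hex, so the separator cannot appear inside a field."""
    msg = "|".join(fields).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:8]


@dataclass
class ChipCard:
    """Hypothetical chip card holding a per-card secret and a counter."""
    pan: str
    expiry: str
    key: bytes        # per-card secret; in this model it never leaves the chip
    counter: int = 0  # transaction-specific number kept on the chip

    def sign(self, amount_cents: int, terminal_nonce: str) -> dict:
        """Build the message the terminal forwards to the issuer."""
        self.counter += 1
        code = _code(self.key, self.pan, self.expiry, str(self.counter),
                     str(amount_cents), terminal_nonce)
        return {"pan": self.pan, "expiry": self.expiry,
                "counter": self.counter, "amount_cents": amount_cents,
                "nonce": terminal_nonce, "code": code}


class Issuer:
    """Hypothetical issuer that checks both kinds of verification code."""

    def __init__(self, master_key: bytes):
        self._master = master_key
        self._last_counter = {}  # pan -> highest counter already approved

    def _card_key(self, pan: str) -> bytes:
        # Per-card key derived from the issuer master key (assumed scheme).
        return hmac.new(self._master, pan.encode(), hashlib.sha256).digest()

    # Magnetic stripe: one code per card, identical on every swipe.
    def stripe_code(self, pan: str, expiry: str) -> str:
        return _code(self._master, pan, expiry)

    def verify_stripe(self, pan: str, expiry: str, code: str) -> bool:
        return hmac.compare_digest(code, self.stripe_code(pan, expiry))

    # Chip: the code covers a counter, the amount and a terminal nonce.
    def issue_chip_card(self, pan: str, expiry: str) -> ChipCard:
        return ChipCard(pan, expiry, self._card_key(pan))

    def verify_chip(self, msg: dict) -> str:
        expected = _code(self._card_key(msg["pan"]), msg["pan"],
                         msg["expiry"], str(msg["counter"]),
                         str(msg["amount_cents"]), msg["nonce"])
        if not hmac.compare_digest(msg["code"], expected):
            return "reject: bad code"
        if msg["counter"] <= self._last_counter.get(msg["pan"], 0):
            return "reject: replayed counter"
        self._last_counter[msg["pan"]] = msg["counter"]
        return "approve"


def demo() -> dict:
    """Run both schemes against a repeated (replayed) message."""
    issuer = Issuer(b"constructed-demo-master-key")
    stripe = issuer.stripe_code(PAN, EXP)
    card = issuer.issue_chip_card(PAN, EXP)
    first = card.sign(2500, "a1b2c3d4")
    return {
        # The static code verifies again and again: a copy is as good as
        # the original, which is why screening has to carry the load.
        "stripe_first": issuer.verify_stripe(PAN, EXP, stripe),
        "stripe_replay": issuer.verify_stripe(PAN, EXP, stripe),
        # The dynamic code is accepted once; the same message sent again
        # carries a counter the issuer has already seen.
        "chip_first": issuer.verify_chip(first),
        "chip_replay": issuer.verify_chip(first),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```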

Dynamic data authentication also has a general effect that helps reduce all methods of card payment fraud. The weak authentication of magnetic-stripe payment cards provides criminals with incentive to obtain card data for use in making fraudulent payments. The stronger authentication processes made possible by computer-chip cards, however, reduce criminals' incentives to obtain card data. As a result, data breaches, phishing, and social engineering attacks are all likely to decline as computer-chip cards become widespread.

The recent experiences of France, the Netherlands, and the United Kingdom as they shifted from magnetic-stripe to computer-chip payment cards reveal the benefits of adopting computer-chip payment cards and the challenges posed when fraud shifts to payments with relatively weak authentication protocols.

Adoption in France

France began to use computer-chip payment cards in 1992 and upgraded to the EMV specification between 2001 and Initially, French issuers used cards with static data authentication. Fraudsters learned how to reprogram the card so that some transactions would pass the approval process with any PIN. (Given the capacity of such reprogrammed cards to obtain approvals, they became known as Yes cards.)²¹ French issuers responded by switching to dynamic data authentication cards from 2005 to As a result, counterfeit card fraud declined substantially in Fraud on lost or stolen cards also fell.

Subsequently, however, French fraudsters simply turned their focus to types of transactions that involve weaker authentication methods, a trend that may have implications for the future of payment card fraud in the United States. By 2010, fraud on IMOTO transactions was the top source of card payment fraud in France (Observatory for Payment Card Security 2011).
The fraud rate on IMOTO transactions increased yet further in 2011, accounting for 61 percent of the total value of card payment fraud in France, but only 8.4 percent of the total value of all French card payments. As a preventive measure, French authorities now encourage Internet merchants to adopt an enhanced type of IMOTO transaction authentication called 3D secure.²² In 3D secure payments, a cardholder registers a payment card with the issuer and creates a PIN, which the cardholder then uses in an Internet purchase. Cardholder

authentication is much stronger in 3D secure transactions because the cardholder must use the PIN.

Although the fraud loss rate on card payments in France drifted downward for several years and is still relatively low, it ticked up in 2011 for card-present transactions, both for purchases and for withdrawals from bank accounts. (Card-present transactions are those wherein the card is actually present at the location of payment, as opposed to IMOTO transactions where the card is not present.) Authorities attribute the rise to an increase in theft of cards wherein the thief also obtains a PIN.

Adoption in the Netherlands

In 2006, along with all members of the Single European Payments Area (SEPA), the Netherlands was mandated to migrate to EMV payment cards.²³ The Netherlands began the switch to EMV cards and terminals in 2007 (Currence 2007). Although the switch was within the 2010 target completion date for the EMV transition, the Netherlands retained magnetic-stripe cards longer than most other SEPA countries.²⁴ Criminals took advantage of the magnetic-stripe terminals to skim card data and create counterfeit cards. In 2011, there were 555 successful skimming attacks on payment terminals, up from 176 in Nearly half of the successful payment terminal skimming attacks occurred in unattended parking lots. Another 182 successful skimming attacks occurred on ATM machines. Losses due to card skimming rose from €2.5 million ($3.1 million) in 2005 to over €35 million ($49 million) in Losses dropped to €20 million ($27 million) in 2010 but rebounded to nearly €40 million ($56 million) in 2011 (Currence 2011).

The Netherlands has now completed the migration to EMV cards and terminals but remains exposed to skimming attacks because EMV payment cards often also have magnetic stripes and some locations still accept magnetic-stripe cards.
Although discussions have been held in Europe on removing magnetic stripes from payment cards, practical difficulties relating to equipment compatibility, the speed of transactions, and the need for fallback options when EMV is unavailable have delayed their elimination (Observatory for Payment Card Security 2010).

Adoption in the United Kingdom

A phased, national rollout of EMV payment cards in the United Kingdom began in October 2003, with a targeted completion date of February EMV payment cards in the UK are called chip-and-PIN cards because all transactions (purchases and withdrawals) require a PIN. The benefits of EMV payment cards were apparent as early as 2005 when fraud losses due to lost or stolen cards began to decline (Chart 2). Both the added fraud protection due to the computer chip and the required use of a PIN for transactions successfully limited the ability of anyone who possessed a lost or stolen card to create a fraudulent payment.

Payment fraud soon migrated to channels in the UK with weaker authentication, such as cards still using magnetic stripes and IMOTO purchases.²⁵ For backward compatibility, during a transition period, new EMV payment cards typically had both computer chips and magnetic stripes. Fraudsters could then make counterfeit magnetic-stripe payment cards and use them wherever merchants or ATMs still accepted the cards, especially outside the UK. As a result, fraud losses on counterfeit cards in the UK grew from £97 million ($176 million) in 2005 to £170 million ($312 million) in The move to EMV payment cards also left authentication unchanged for IMOTO transactions, making them another attractive outlet for fraudsters. Fraud on IMOTO transactions grew rapidly, from £183 million ($333 million) in 2005 to £328 million ($602 million) in

After 2008, fraud losses with counterfeit cards and on IMOTO transactions declined. The decline was due to two factors. First, more merchants and ATMs on the European mainland had converted by that time to accept EMV payment cards, so fraudsters with counterfeit magnetic-stripe cards could no longer easily find locations where magnetic-stripe cards were accepted, merely by crossing borders.
Second, increasingly, merchants in the UK were adopting 3D secure systems for their IMOTO transactions. In 2007, only 25 percent of respondents to a survey of UK Internet merchants reported that they accepted 3D secure payments, but the same survey found at least 59 percent of respondents accepted 3D secure in 2011 (Cybersource 2008, 2012b).²⁶ Total fraud losses on payment cards in the UK fell significantly, from a

peak of £610 million ($1,120 million) in 2008 to £341 million ($547 million) in

Chart 2
VALUE OF LOSSES DUE TO CARD PAYMENT FRAUD IN THE UNITED KINGDOM
[Chart not reproduced. Vertical axis: millions. Annotation: Chip-and-PIN deployment. Series: IMOTO, Counterfeit, Mail non-receipt, Lost or stolen cards, Account takeover, Total.]
Source: UK Cards Association 2012a.

The experiences with computer-chip payment cards in France, the Netherlands, and the United Kingdom show that the ability to deter card payment fraud depends not only on the use of computer chips but also on other key factors. Computer chips proved their value for limiting fraud on counterfeit cards. However, computer-chip cards that still allowed the use of static data authentication were still vulnerable to attacks. Other significant declines in fraud were independent from the adoption of computer chips, resulting instead from the elimination of the magnetic stripe and improved authentication methods for IMOTO transactions.

III. IMPLICATIONS FOR THE UNITED STATES OF FRAUD TRENDS IN EUROPE

American Express, Discover, MasterCard, and Visa have recently announced plans to switch to EMV-compliant, computer-chip payment cards in the United States (Digital Transactions News 2012b). Issuers that use these card brands will release EMV payment cards over

the next few years. The card brands are also creating strong incentives for merchants to begin accepting the new cards by modifying liability rules for fraudulent card payments. Liability for fraudulent payments, which falls to the card issuer in an approved, card-present transaction, will shift to the party in the payment process (issuer, processor or merchant) that provides the least security.²⁷ The current schedule shifts fraud liability on October 1,

If the use of EMV payment cards in the United States leads to a fraud loss pattern similar to the patterns seen in France, the Netherlands, and the UK, then U.S. fraud losses could fall by as much as 40 percent. In 2009, the loss rate for the United States on the value of card purchase transactions was an estimated percent (Table 3). France has used EMV payment cards for many years, and in 2009, its fraud loss rate was percent, or 39 percent lower than the U.S. loss rate. The UK deadline for the switch to EMV payment cards was April 2006, and by 2009 its fraud loss rate was percent. The loss rate for the UK continued to fall to percent in 2011, or 41 percent lower than the 2009 loss rate on payment cards in the United States.²⁸

The experiences of other countries may illustrate the short-term impact that EMV payment cards could have on fraud in the United States. EMV payment cards will likely succeed in cutting off some methods of card payment fraud but fraud will also shift to other types of card payment with relatively weak authentication protocols. Counteracting those shifts may require additional steps.

Counterfeit cards are a leading, and increasing, method of committing fraud on debit cards in the United States. The adoption of computer-chip payment cards will help to reduce counterfeiting.
But as long as card issuers maintain the magnetic-stripe, either alone on payment cards or along with a computer chip, they will continue to be a significant and possibly increasing source of counterfeit card fraud. Fraud for card-present transactions on lost or stolen cards may stay the same or even potentially increase. Many countries that use EMV payment cards do not allow cardholder authentication with signatures. Issuers in the United States, however, appear likely to continue to allow signature authorization on EMV debit and credit card transactions (Heun; Punch). As a result, fraud on lost or stolen cards may not decline in the United States. Fraud may even rise as fraudsters,

unable to commit fraud on counterfeit cards, begin to target payments with relatively weak security, such as transactions that allow signature authorization. 29 Fraudsters may put more effort into stealing computer-chip payment cards, knowing that they may be able to commit a few fraudulent transactions using a forged signature before issuers cut off use of the card.

Table 3
INTERNATIONAL COMPARISON OF LOSS RATES ON DEBIT AND CREDIT CARD PURCHASE TRANSACTIONS, 2009
Location of card issuer / Loss per value of transactions (percent)
United States
United Kingdom
France
Average fraud loss is $3.45 billion in losses divided by $3.13 trillion transactions, which equals 0.11 percent. Similar calculations apply to the United Kingdom and France.
Sources: United States: Board of Governors and Federal Reserve System (see Table 1). United Kingdom: UK Cards Association 2012a, 2012b. France: Observatory for Payments Card Security.
Note: Losses are for card issuers in each country on both domestic and foreign purchase transactions. The United Kingdom loss rate includes a small number of foreign ATM withdrawals.

For similar reasons, fraud in IMOTO transactions in the United States can be expected to increase. Stronger authentication for Internet transactions, such as 3D Secure systems, could limit this method of payment fraud. Alternatively, a secure computer-chip payment card reader attached to a customer's computer could make use of the card's computer chip and thus obtain the full advantage of the chip's dynamic data authentication capacity. Concerns over costs and customer convenience, however, make it unclear whether issuers will support these options.

Fraudsters' cost-benefit calculations for exploiting other flaws in the EMV specifications will also change. Computer experts have uncovered potential weaknesses on EMV payment cards (Anderson 2012c).
For example, fraudsters could tap into the middle of a payment communication link, alter and divert the payment message to a confederate, and fool the payment approval system into accepting a fraudulent payment (Murdoch). These exploits are prototypes that are difficult to implement, and there are no reports of their use other than as demonstrations. However, the payoff to payment fraud is high enough that

fraudsters are likely to research these alternatives and possibly develop technology to make them practical. In the process, they may find other weaknesses of which the industry is unaware today.

The experience of countries that have adopted computer-chip payment cards shows that EMV payment cards offer capabilities for strengthening authentication and preventing fraud. The degree of payoff from adopting the cards only emerges over time, however, because authentication methods tend to evolve and improve during a transition period. Still, some fraud will migrate to payments with weak authentication capacities, and card issuers will need countermeasures to improve authentication.

IV. CONCLUSION

As the United States begins its transition to computer-chip payment cards, the country will reap the benefits of dynamic data authentication and improved resistance to counterfeiting. Some sources of payment fraud, such as counterfeit cards, will decrease. However, experience also shows that other sources of fraud are likely to increase. Thus the prospects for reducing overall card payment fraud depend on how authorization and authentication protocols are implemented. If weaker authorization protocols continue, such as signatures for card payments rather than PINs, the degree of fraud reduction that can be achieved will be limited. Similarly, unless authentication protocols are improved for IMOTO transactions, such transactions will become a weak link in the defenses against fraud, and IMOTO fraud will likely increase.

The payment industry must also be alert to new forms of fraud as attackers probe for security weaknesses and exploit them. Fraudsters have strong incentives to commit payment fraud and will continue to test security measures and sometimes defeat them. Card issuers, in turn, will need to reevaluate their choices of authorization and authentication methods periodically, as new trends in fraud emerge.
In contrast with many other advanced countries, the United States does not have a comprehensive system for collecting and reporting statistics on payment fraud (Sullivan 2009). Timely information on the sources of fraud allows policymakers and the card payment industry to respond swiftly and effectively to new attacks. The UK system for capturing and monitoring such information was a critical asset enabling the payment card industry there to respond to the new trends in fraud

that emerged during the transition to chip-and-PIN cards. In fact, in the absence of critical information on the sources and types of card payment fraud, efforts aimed at limiting fraud may be misdirected and wasteful. Both regulators and the card payment industry could benefit from mechanisms to measure the levels and sources of fraud and to identify who pays the price and how much is paid for the nation's losses from payment card fraud.

APPENDIX
CARD PAYMENT INITIATION, ENCRYPTION, AND MESSAGE AUTHENTICATION CODES

The initiation of card-present payments has three stages: card presentment, authentication and screening, and the decision to approve or reject. Figure A, Panel A illustrates these steps and shows the flow of information for both magnetic-stripe and computer-chip card payments. The processes differ, with computer-chip card payments involving additional steps that enable more effective authentication.

In a standard magnetic-stripe card payment, the cardholder first presents a card to a payment terminal, by swiping the card or inserting it into the terminal. The terminal captures card data from the magnetic stripe, including the card account number (which is known as the primary account number), the cardholder's name, and the expiration date (Observatory for Payment Card Security 2010). The terminal also captures a verification code from the magnetic stripe. 30 The cardholder then authorizes the payment by providing a signature or entering a PIN. In a PIN transaction, the terminal uses its own computer chip to encrypt the PIN (Figure A, Panel B). The terminal adds details about the transaction, such as transaction value and merchant identification data, to the card data and the encrypted PIN. The terminal then sends all of the transaction data to the issuer for authentication and screening.

The issuer authenticates the verification code. The issuer also verifies the account by ensuring that the primary account number, cardholder name, and expiration date match its records, and checks that either sufficient funds are in a debit card account or a credit limit is sufficient on a credit card transaction. The issuer may then screen details of the transaction to determine whether it is at high risk for fraud. If the transaction passes these steps, the issuer will allow the transaction to proceed by returning an approval message to the merchant. If the transaction does not pass any of the steps, the issuer rejects the transaction.

In a computer-chip card payment, the transaction proceeds in a fashion similar to the magnetic-stripe transaction, but the computer chip generates a dynamic verification code by adding information unique to each given transaction, such as a serial number, to other card information. The chip then applies an encryption algorithm to generate a dynamic verification code and sends it to the payment

terminal (Figure A, Panel C). The dynamic verification code (sometimes called a dynamic cryptogram) is added to other payment information and sent to the card issuer. The dynamic verification code includes the information contained in the verification code of a magnetic-stripe card, allowing the issuer to authenticate the transaction by comparing information sent by the terminal to its internal records. But computer-chip authentication is enhanced because the issuer can consult its records to see if any user has previously submitted the exact same dynamic verification code. If not, the issuer knows that the data sent to the issuer for payment approval is not a replay of a previous transaction and thus has additional assurance that the transaction is genuine.

The role of authentication, encryption, and message authentication codes

Authentication protocols are crucial for the issuer to trust a given transaction. Both the verification code from a magnetic-stripe payment card and the dynamic verification code from a computer-chip payment card are key components in their respective authentication protocols. In each case, encryption plays a crucial role.

The best known purpose of encryption is to keep sensitive information private, but encryption also can be used to help ensure that a message is genuine. The verification codes are examples of message authentication codes (MACs), generated by an encryption key and a mathematical process, or algorithm (Anderson 2008b, 2008c). To make this method of authentication work, only the card issuer can have the encryption keys and knowledge of the specific algorithms used to derive the verification codes. 31

A MAC helps a card issuer make a correct decision to accept or reject a given payment. In a computer-chip card payment, the chip generates a MAC based on the cardholder's primary account number, the card's expiration date, and a serial number or other transaction-unique data (Anderson 2008b; Smart Card Alliance). 32 The issuer tracks the unique data of the card's transactions and uses them, along with other payment card data from its internal records, to generate a MAC for each transaction. The MAC that the issuer has generated for the given transaction is then compared with the MAC sent by the computer-chip card. If they do not match, the issuer does not approve the transaction (CUNA Mutual Group).
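The issuer-side checks described in this appendix, as an added example that is not part of the original article: a static (magnetic-stripe style) code is accepted every time it is presented, while a dynamic code is rejected on replay or when the transaction data no longer match the MAC. HMAC-SHA256, the field layout, the inclusion of the amount as transaction-unique data, and all names and card values are assumptions made for illustration; the article does not specify the algorithm card schemes actually use.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample card record. The key stands in for the symmetric key
# that, per the appendix, is known only to the chip and the card issuer.
SAMPLE_PAN = "9999000011112222"
SAMPLE_EXPIRY = "2512"
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def _mac(key: bytes, *fields: str) -> str:
    """HMAC-SHA256 over '|'-joined fields, truncated (assumed stand-in MAC)."""
    digest = hmac.new(key, "|".join(fields).encode(), hashlib.sha256)
    return digest.hexdigest()[:16]


def static_code(key: bytes, pan: str, expiry: str) -> str:
    """Stripe-style code: covers card data only, so it never changes."""
    return _mac(key, pan, expiry)


def dynamic_code(key: bytes, pan: str, expiry: str,
                 counter: int, amount_cents: int) -> str:
    """Chip-style code: card data plus transaction-unique data."""
    return _mac(key, pan, expiry, str(counter), str(amount_cents))


@dataclass
class Issuer:
    cards: dict                      # pan -> (key, expiry) from issuer records
    seen_codes: set = field(default_factory=set)

    def check_static(self, pan: str, code: str) -> str:
        record = self.cards.get(pan)
        if record is None:
            return "rejected: unknown card"
        key, expiry = record
        if not hmac.compare_digest(static_code(key, pan, expiry), code):
            return "rejected: bad code"
        # Nothing distinguishes a copied code from the genuine card.
        return "approved"

    def check_dynamic(self, pan: str, counter: int,
                      amount_cents: int, code: str) -> str:
        record = self.cards.get(pan)
        if record is None:
            return "rejected: unknown card"
        key, expiry = record
        # Recompute the MAC from issuer records and the reported transaction.
        expected = dynamic_code(key, pan, expiry, counter, amount_cents)
        if not hmac.compare_digest(expected, code):
            return "rejected: bad code"
        # Step 6a in Figure A: the code must not have been submitted before.
        if (pan, code) in self.seen_codes:
            return "rejected: replay"
        self.seen_codes.add((pan, code))
        return "approved"


def demo() -> dict:
    """Run the constructed scenarios and return the issuer's decisions."""
    issuer = Issuer({SAMPLE_PAN: (SAMPLE_KEY, SAMPLE_EXPIRY)})
    stripe = static_code(SAMPLE_KEY, SAMPLE_PAN, SAMPLE_EXPIRY)
    chip = dynamic_code(SAMPLE_KEY, SAMPLE_PAN, SAMPLE_EXPIRY, 7, 2599)
    chip_next = dynamic_code(SAMPLE_KEY, SAMPLE_PAN, SAMPLE_EXPIRY, 8, 2599)
    return {
        "stripe_first": issuer.check_static(SAMPLE_PAN, stripe),
        "stripe_copy": issuer.check_static(SAMPLE_PAN, stripe),
        "chip_first": issuer.check_dynamic(SAMPLE_PAN, 7, 2599, chip),
        "chip_replay": issuer.check_dynamic(SAMPLE_PAN, 7, 2599, chip),
        "chip_altered_amount": issuer.check_dynamic(SAMPLE_PAN, 7, 999999, chip),
        "chip_next": issuer.check_dynamic(SAMPLE_PAN, 8, 2599, chip_next),
    }


if __name__ == "__main__":
    for scenario, decision in demo().items():
        print(f"{scenario:22s} {decision}")
```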

Figure A
INITIATION OF MAGNETIC-STRIPE AND COMPUTER CHIP CARD PAYMENTS
Steps in italics are available with computer-chip payment cards

Panel A: Card Presentment; Authentication and Screening; Decision (Cardholder/Card, Payment Terminal, Card Issuer)
Panel B: Magnetic-Stripe Card Payment (Payment Terminal: PIN, computer chip located in terminal, encrypted PIN)
Panel C: Computer-Chip Card Payment (Payment Card: computer chip located on card, dynamic verification code)

Card Presentment
1. Cardholder presents card and terminal captures card data (primary account number, cardholder name, expiration date, and security code)
2. Cash register sends purchase information to payment terminal
3. Cardholder enters PIN or signature
4. In a PIN transaction, payment terminal generates encrypted PIN (Panel B)
4a. Computer-chip payment card calculates dynamic verification code, using an encryption algorithm, a symmetric encryption key, and a transaction serial number or other transaction-specific data (Panel C)
4b. Terminal captures dynamic verification code

Authentication and Screening
5. Payment terminal sends card data, merchant ID, transaction value, and static verification code to issuer
5a. Terminal sends a dynamic verification code to issuer
6. Issuer authenticates PIN and card (PIN transaction) or card (signature transaction)
6a. Issuer confirms dynamic verification code is not a duplicate
7. Issuer verifies primary account number, expiration date, cardholder name, and available balance
8. Issuer screens transactions for high risk of fraud

Decision
9. Issuer approves and terminal completes transaction or issuer rejects transaction

ENDNOTES

1 There is no source of comprehensive information on payment fraud losses in the United States (Sullivan 2009). The estimates in Table 1 rely on Federal Reserve surveys regarding fraud loss rates for debit card payments and retail payment values (Board of Governors 2011; Federal Reserve System 2011). Statistics on methods of compromise are available for PIN-authorized transactions (debit card transactions combined with ATM withdrawals) and signature-authorized debit card transactions, but not for credit cards. For credit cards, however, the distribution of methods of compromise is likely similar to that of signature debit, since both use similar authorization and approval methods. The estimates in Table 1 therefore assume that the loss rate on credit card payments is the same as that on signature-authorized debit card payments.

2 Another less common method of card payment fraud occurs when an imposter takes over a payment account. An account takeover may occur when a hacker obtains a consumer's user ID and password to access an online banking account and then performs fraudulent transactions. The share of signature and PIN debit fraud due to account takeover was 7 percent or less of all fraudulent transactions, throughout the period.

3 In the United States, debit cards may require either a PIN or a signature, ATM withdrawals require a PIN, and credit cards require a signature.

4 King provides an analysis comparing the security of PIN and signature transactions.

5 PIN debit is not widely used in IMOTO transactions because more Internet merchants are requiring card verification codes (a 3-digit code on the back of a payment card), which work only for signature debit transactions. In 2011, 79 percent of Internet merchants required the code, up from 66 percent in 2005 (Cybersource, 2007; 2012a). Acculynk provides a service that allows cardholders to enter a PIN for debit transactions on the Internet, but it is in the early stages of adoption.

6 In the few cases where card transactions occur when a telecommunications connection is unavailable, card issuers set a transaction value under which they automatically approve payments despite the lack of connection.

7 The three-stage process described here applies to card-present transactions, wherein the actual card is present at the location of payment, and not to IMOTO transactions where the card is not present.

8 Physical elements of payment cards such as complex graphics and holograms are added to help deter counterfeiting.

9 Merchants can train their cashiers to spot forgeries. See, for example, "Is This Signature Forged?" Bankers Online (www.bankersonline.com/articles/bhv01n11/bhv01n11a7.html). Cashiers, however, can be mistaken or careless (John Hargrove, The Credit Card Prank,

10 Seventy-nine percent of respondents to a survey of large online merchants ask for the card verification code (Cybersource 2012a). In contrast with card-present transactions, the merchant does not get a guaranteed payment when the card is not present. Merchants deploy a variety of tools to avoid card payment fraud, including confirmation of card verification codes, verification of cardholders' addresses, transaction history tracking, and tracking of customers for histories of fraud.

11 As of January 17, See datalossdb.org.

12 The breach occurred at Heartland Payments Systems. These statistics are based on a list of affected banks on the Bank Info Security website (www.bankinfosecurity.com/articles.php?art_id=1200, accessed Feb. 23, 2012). The website speculates that the actual number of banks affected is closer to 3,

13 In a recent example, scammers produced high-quality replicas of a mobile phone provider's alerts for its customers' monthly bills and induced some recipients to reveal sensitive payment data (Goessl).

14 An organization called EMVCo manages the EMV specifications (see Formed in 1999, EMVCo is currently owned by American Express, JCB, MasterCard and Visa. EMVCo's current ownership reflects the acquisition of Europay by MasterCard in 2002 and the additions of JCB (2004) and American Express (2009). EMVCo also administers a testing and approval process and oversees procedures for confirming compliance with the EMV specification.

15 Not all countries have highly reliable telecommunications systems. The EMV specification allows card and cardholder authentication without an online connection using an interaction between the card and terminal. This article does not discuss offline authentication because the U.S. telecommunications system is highly reliable and allows nearly all card transactions to use online authentication.

16 The technology involves symmetric encryption keys (a key on the chip that is only known to the card issuer) and asymmetric encryption/digital certificates to confirm essential identities such as the issuer and the brand of the card.

17 Not all EMV payment cards use dynamic data authentication. Dynamic data authentication requires more capable and costly computer chips.

18 Dynamic authentication codes are related to a type of message element that computer scientists call a nonce ("number used once") that is used only once (Anderson 2008a). If an authentication code changes from transaction to transaction, then the issuer has information that tells it the code is fresh or recently created. Security protocols include dynamic authentication specifically to prevent replay attacks.

19 A transaction with this card may be processed, however, if communications or computer systems are unavailable and the payment approval protocol defaults merely to a floor limit for offline authentication.

20 Dynamic authentication requires a computer chip but the chip does not necessarily need to reside on the payment card. A computer chip on a payment


More information

What is EMV? What is different?

What is EMV? What is different? U.S. consumers are receiving new debit and credit cards with embedded chip technology that better stores and protects cardholder information. These new chip cards are part of the new card standard, Europay,

More information

OpenEdge Research & Development Group April 2015

OpenEdge Research & Development Group April 2015 2015: Security, Merchant Readiness & the Coming Liability Shift OpenEdge Research & Development Group April 2015 solutions@openedgepay.com openedgepay.com 2015: Security, Merchant Table of Contents The

More information

The Merchant. Skimming is No Laughing Matter. A hand held skimming device. These devices can easily be purchased online.

The Merchant. Skimming is No Laughing Matter. A hand held skimming device. These devices can easily be purchased online. 1 February 2010 Volume 2, Issue 1 The Merchant Serving Florida State University s Payment Card Community Individual Highlights: Skimming Scam 1 Skimming at Work 2 Safe at Home 3 Read your Statement 4 Useful

More information

General Information for Cardholder s on PIN & PAY

General Information for Cardholder s on PIN & PAY General Information for Cardholder s on PIN & PAY As part of our on-going initiative to enhance security, we are pleased to introduce the 6-digit PIN (Personal Identification Number) for validation, replacing

More information

What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization

What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization Frequently Asked Questions What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization Issuers across the United States are beginning to embark in the planning and execution phase

More information

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group

The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group The Adoption of EMV Technology in the U.S. By Dave Ewald Global Industry Sales Consultant Datacard Group Abstract: Visa Inc. and MasterCard recently announced plans to accelerate chip migration in the

More information

Community Financial Institution EMV Readiness

Community Financial Institution EMV Readiness Community Financial Institution EMV Readiness EMV is a trademark owned by EMVCo LLC 2014 First Data Corporation. All Rights Reserved. Copyright 2014 First Data Corporation EMV Timeline 2011: EMV technology

More information

A Guide to EMV Version 1.0 May 2011

A Guide to EMV Version 1.0 May 2011 Table of Contents TABLE OF CONTENTS... 2 LIST OF FIGURES... 4 1 INTRODUCTION... 5 1.1 Purpose... 5 1.2 References... 5 2 BACKGROUND... 6 2.1 What is EMV... 6 2.2 Why EMV... 7 3 THE HISTORY OF EMV... 8

More information

DATA SECURITY: EVERYTHING YOU NEED TO KNOW

DATA SECURITY: EVERYTHING YOU NEED TO KNOW DATA SECURITY: EVERYTHING YOU NEED TO KNOW! Data Breaches: Where, What and Why! Federal and State Regulations to Protect Data! EMV Chip Technology! PIN or Signature?! Existing and Emerging Security Options!

More information

Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud

Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud Serving millions of people worldwide with electronic payment convenience. Euronet s EMV Chip Solutions Superior Protection with Enhanced Security against Fraud Copyright 2011 Euronet Worldwide, Inc. All

More information

American Express Contactless Payments

American Express Contactless Payments PRODUCT CAPABILITY GUIDE American Express Contactless Payments American Express Contactless Payments Help Enable Increased Convenience For Card Members At The Point Of Sale American Express contactless

More information

M/Chip Functional Architecture for Debit and Credit

M/Chip Functional Architecture for Debit and Credit M/Chip Functional Architecture for Debit and Credit Christian Delporte, Vice President, Chip Centre of Excellence, New Products Engineering Suggested routing: Authorization, Chargeback, Chip Technology,

More information

RFID Technology in Payment Cards

RFID Technology in Payment Cards CISBC/YT Financial Crime Awareness Bulletin UNCLASSIFIED (Public Version) Inside this issue: Global/Canada 2 Credit cards 3 Debit cards 4 Remarks 5 RFID stands for Radio-Frequency IDentification. The acronym

More information

The Canadian Migration to EMV. Prepared By:

The Canadian Migration to EMV. Prepared By: The Canadian Migration to EMV Prepared By: December 1993 Everyone But The USA Is Migrating The international schemes decided Smart Cards are the way forward Europay, MasterCard & Visa International Produced

More information

Sponsored by Sponsored By

Sponsored by Sponsored By CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited CUNA Mutual Group Sponsored by Sponsored By Plastic Card Risk Exposures 2011 2 Disclaimer This presentation was created

More information

In the United States, when a consumer presents a payment to a

In the United States, when a consumer presents a payment to a Can Smart Cards Reduce Payments Fraud and Identity Theft? By Richard J. Sullivan In the United States, when a consumer presents a payment to a merchant, the merchant typically makes a request for authorization

More information

SAFE AND SECURE PAYMENTS: THE MASTERCARD APPROACH

SAFE AND SECURE PAYMENTS: THE MASTERCARD APPROACH SAFE AND SECURE PAYMENTS: THE MASTERCARD APPROACH Global point of view For nearly 50 years MasterCard has been safeguarding the way you pay. We have been innovating solutions driven by data and insights

More information

Prevention Is Better Than Cure EMV and PCI

Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure EMV and PCI Prevention Is Better Than Cure An independent view on the effectiveness of EMV and PCI in case of large-scale card compromise. Over the past couple of months,

More information

2015-11-02. Electronic Payments Part 1

2015-11-02. Electronic Payments Part 1 Electronic Payments Part Card transactions Card-Present Smart Cards Card-Not-Present SET 3D Secure Untraceable E-Cash Micropayments Payword Electronic Lottery Tickets Peppercoin Bitcoin EITN4 - Advanced

More information

EMV in Hotels Observations and Considerations

EMV in Hotels Observations and Considerations EMV in Hotels Observations and Considerations Just in: EMV in the Mail Customer Education: Credit Card companies have already started customer training for the new smart cards. 1 Questions to be Answered

More information

Card Acceptance Best Practices Playing it Safe at the Point of Sale

Card Acceptance Best Practices Playing it Safe at the Point of Sale White Paper Card Acceptance Best Practices Playing it Safe at the Point of Sale Fraudulent activity costs U.S. businesses billions. And that is just lost revenue. When you consider the associated damage

More information

EMV Frequently Asked Questions for Merchants May, 2014

EMV Frequently Asked Questions for Merchants May, 2014 EMV Frequently Asked Questions for Merchants May, 2014 Copyright 2014 Vantiv All rights reserved. Disclaimer The information in this document is offered on an as is basis, without warranty of any kind,

More information

EMV : Frequently Asked Questions for Merchants

EMV : Frequently Asked Questions for Merchants EMV : Frequently Asked Questions for Merchants The information in this document is offered on an as is basis, without warranty of any kind, either expressed, implied or statutory, including but not limited

More information

Implication of EMV Migration for the U.S. Transportation Industry. May 1, 2015. Implication of EMV Migration for the U.S. Transportation Industry

Implication of EMV Migration for the U.S. Transportation Industry. May 1, 2015. Implication of EMV Migration for the U.S. Transportation Industry Implication of EMV Migration for the U.S. Transportation Industry 1 Introduction Transportation payment methods are constantly evolving. When cash handling became too expensive and inconvenient, the metal

More information

SellWise User Group. Thursday, February 19, 2015

SellWise User Group. Thursday, February 19, 2015 SellWise User Group Thursday, February 19, 2015 Slides and recording posted on scouting.org/financeimpact Look on the Council Fiscal Management Tab, then look at the bottom left for Sellwise Support/User

More information

PROTECT YOUR BUSINESS FROM LOSSES WHILE ACCEPTING CREDIT CARDS

PROTECT YOUR BUSINESS FROM LOSSES WHILE ACCEPTING CREDIT CARDS PROTECT YOUR BUSINESS FROM LOSSES WHILE ACCEPTING CREDIT CARDS TABLE OF CONTENTS Introduction...1 Preventing Fraud in a Card-Present Environment...2 How to Reduce Chargebacks in a Card-Present Environment...4

More information

Fraud in the U.S. Payments Industry: Fraud Mitigation and Prevention Measures in Use and Chip Card Technology Impact on Fraud

Fraud in the U.S. Payments Industry: Fraud Mitigation and Prevention Measures in Use and Chip Card Technology Impact on Fraud Fraud in the U.S. Payments Industry: Fraud Mitigation and Prevention Measures in Use and Chip Card Technology Impact on Fraud A Smart Card Alliance White Paper Publication Date: October 2009 Publication

More information

THE CHANGING NATURE OF U.S. CARD PAYMENT FRAUD: ISSUES FOR INDUSTRY AND PUBLIC POLICY

THE CHANGING NATURE OF U.S. CARD PAYMENT FRAUD: ISSUES FOR INDUSTRY AND PUBLIC POLICY THE CHANGING NATURE OF U.S. CARD PAYMENT FRAUD: ISSUES FOR INDUSTRY AND PUBLIC POLICY Richard J. Sullivan Federal Reserve Bank of Kansas City* May 21, 2010 For presentation at the 2010 Workshop on the

More information

Why Data Security is Critical to Your Brand

Why Data Security is Critical to Your Brand Why Data Security is Critical to Your Brand Why security is critical to your brand Cybercriminals do not discriminate based on industry or business size. Security is expensive. At least, it is if you wait

More information

FAQ on EMV Chip Debit Card and Online Usage

FAQ on EMV Chip Debit Card and Online Usage FAQ on EMV Chip Debit Card and Online Usage Security enhancement on HSBC India Debit Card A Secure Debit Card HSBC India Debit Cards are more secure and enabled with the Chip and PIN technology? You can

More information

A Brand New Checkout Experience

A Brand New Checkout Experience A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small

More information

A Brand New Checkout Experience

A Brand New Checkout Experience A Brand New Checkout Experience EMV Transformation EMV technology is transforming the U.S. payment industry, bringing a whole new experience to the checkout counter. Introduction What is EMV? It s 3 small

More information

American Bankers Association

American Bankers Association Statement for the Record Of the American Bankers Association before the Committee on Small Business United States House of Representatives Statement for the Record American Bankers Association Committee

More information

Question & Answer. Answer:

Question & Answer. Answer: What is a chip card? A chip card is a standard-size plastic debit or credit card that contains an embedded microchip, as well as the traditional magnetic stripe. The chip protects in-store payments because

More information

Protecting the POS Answers to Your Frequently Asked Questions

Protecting the POS Answers to Your Frequently Asked Questions Protecting the POS Answers to Your Frequently Asked Questions PROTECTING THE POS What is skimming? Skimming is the transfer of electronic data from one magnetic stripe to another for fraudulent purposes.

More information

Credit card: permits consumers to purchase items while deferring payment

Credit card: permits consumers to purchase items while deferring payment General Payment Systems Cash: portable, no authentication, instant purchasing power, allows for micropayments, no transaction fee for using it, anonymous But Easily stolen, no float time, can t easily

More information

Testimony of Scott Talbott, Sr. V.P. for Government Relations, Electronic Transactions Association (ETA)

Testimony of Scott Talbott, Sr. V.P. for Government Relations, Electronic Transactions Association (ETA) Testimony of Scott Talbott, Sr. V.P. for Government Relations, Electronic Transactions Association (ETA) House Small Business Committee Hearing on the EMV Deadline and What It Means for Small Business

More information

Chip Terms Explained A Guide to Smart Card Terminology

Chip Terms Explained A Guide to Smart Card Terminology Chip Terms Explained A Guide to Smart Card Terminology Contents 1 AAC Application Authentication Cryptogram AID Application Identifier Applet ARQC Authorization Request Cryptogram ARPC Authorization Response

More information

What Merchants Need To Know About The New Credit Card Processing Liability Regulations

What Merchants Need To Know About The New Credit Card Processing Liability Regulations What Merchants Need To Know About The New Credit Card Processing Liability Regulations How To Be Compliant: Post-October 1st EMV Deadline An ebook by MerchantPro Express www.merchantproexpress.com Meet

More information

Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof

Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof Saar Drimer Steven J. Murdoch Ross Anderson www.cl.cam.ac.uk/users/{sd410,sjm217,rja14} Computer Laboratory www.torproject.org

More information

EMV and Restaurants What you need to know! November 19, 2014

EMV and Restaurants What you need to know! November 19, 2014 EMV and Restaurants What you need to know! Mike English Executive Director of Product Development Kristi Kuehn Sr. Director, Compliance November 9, 204 Agenda EMV overview Timelines Chip Card Liability

More information

How to Help Prevent Fraud

How to Help Prevent Fraud TD Canada Trust How to Help Prevent Fraud Merchant Services tips to help protect your business Fraud Awareness All credit cards issued in Canada are designed with special security features to help deter

More information

Smart Cards for Payment Systems

Smart Cards for Payment Systems White Paper Smart Cards for Payment Systems An Introductory Paper describing how Thales e-security can help banks migrate to Smart Card Technology Background In this paper: Background 1 The Solution 2

More information

Langara College PCI Awareness Training

Langara College PCI Awareness Training Langara College PCI Awareness Training Have you heard of PCI? Due to the increase of credit card fraud and identity theft, major credit card companies like Visa, MasterCard and Amex have formed a security

More information

4 PAYMENT CARD SECURITY IN THE CONTEXT OF EUROPEAN HARMONISATION

4 PAYMENT CARD SECURITY IN THE CONTEXT OF EUROPEAN HARMONISATION 4 PAYMENT CARD SECURITY IN THE CONTEXT OF EUROPEAN HARMONISATION The Observatory for Payment Cards Security took note of the development in 2005 of two proposals for harmonising card payments in Europe.

More information

May 14, 2015. Statement for the Record. On behalf of the. American Bankers Association. Consumer Bankers Association

May 14, 2015. Statement for the Record. On behalf of the. American Bankers Association. Consumer Bankers Association Statement for the Record On behalf of the American Bankers Association Consumer Bankers Association Credit Union National Association Independent Community Bankers of America National Association of Federal

More information

Platinum and Platinum Rewards Visa EMV Credit Cards Frequently Asked Questions (FAQ s)

Platinum and Platinum Rewards Visa EMV Credit Cards Frequently Asked Questions (FAQ s) Platinum and Platinum Rewards Visa EMV Credit Cards Frequently Asked Questions (FAQ s) What is EMV? EMV stands for Europay, MasterCard and Visa. EMV or chip cards have been in use in Europe for over 20

More information

Protect Your Personal Information. Tips and tools to help safeguard you against identity theft

Protect Your Personal Information. Tips and tools to help safeguard you against identity theft Protect Your Personal Information Tips and tools to help safeguard you against identity theft Trademark of Visa International Service Association; Visa Canada Association is a licensed user. What is Identity

More information

To all GRSB debit and credit card customers:

To all GRSB debit and credit card customers: To all GRSB debit and credit card customers: A data breach at the Target Corporation may have exposed 40 million credit/debit cards to potential fraudulent activity. If you made purchases in a Target store

More information

EMV flaws and fixes: vulnerabilities in smart card payment systems

EMV flaws and fixes: vulnerabilities in smart card payment systems EMV flaws and fixes: vulnerabilities in smart card payment systems Steven J. Murdoch www.cl.cam.ac.uk/users/sjm217 OpenNet Initiative Computer Laboratory www.opennet.net COSIC seminar, 11 June 2007, ESAT,

More information

Be*PINWISE Cardholder FAQs

Be*PINWISE Cardholder FAQs Be*PINWISE Cardholder FAQs 1. Who is behind the BuySafe initiative? The Industry Security Initiative (ISI)/BuySafe initiative comprises representatives of ten Australian financial institutions including

More information

Eagle POS Procedure Guide For Epicor Bankcard Processing

Eagle POS Procedure Guide For Epicor Bankcard Processing Eagle POS Procedure Guide For Epicor Bankcard Processing Table of Contents Introduction... 3 1 Transactions using a Swiped Bankcard... 3 Basic Swiped Credit Card Sale & Return transaction... 3 Sales &

More information

Credit Card PIN & PAY Frequently Asked Questions (FAQ)

Credit Card PIN & PAY Frequently Asked Questions (FAQ) Credit Card PIN & PAY Frequently Asked Questions (FAQ) 1. What is a PIN & PAY card? PIN & PAY card is a PIN - enabled card that allows you to make purchase by keying in a 6-digit PIN, with no signature

More information

Payments Fraud: It's Not Fun & Games

Payments Fraud: It's Not Fun & Games Payments Fraud: It's Not Fun & Games Claudia Swendseid Senior Vice President Payments Information & Outreach Office Federal Reserve Bank of Minneapolis NACHA Payments 2015 Claudia Swendseid Senior Vice

More information

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc.

Payment Methods. The cost of doing business. Michelle Powell - BASYS Processing, Inc. Payment Methods The cost of doing business Michelle Powell - BASYS Processing, Inc. You ve got to spend money, to make money Major Industry Topics Industry Process Flow PCI DSS Compliance Risks of Non-Compliance

More information